South African Planning Agency Compromised in SharePoint Hack Attack
PorAinvest
miércoles, 30 de julio de 2025, 10:41 am ET5 min de lectura
MSFT--
The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it. The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server [1].
The South African Department of Planning, Monitoring and Evaluation was one of the victims. The department reported that it had implemented countermeasures, including software patches from Microsoft. However, the attacks have affected over 400 government agencies, corporations, and other groups globally. Most victims are in the US, Mauritius, Jordan, South Africa, and the Netherlands [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors
Hackers have targeted the South African Department of Planning, Monitoring and Evaluation, exploiting a vulnerability in Microsoft's SharePoint servers. The department has implemented countermeasures, including software patches from Microsoft. The attacks have affected over 400 government agencies, corporations, and other groups globally, with most victims in the US, Mauritius, Jordan, South Africa, and the Netherlands. Microsoft warned of attacks targeting on-premise SharePoint networks, which is popular in South Africa for document storage and collaboration.
Hackers have targeted the South African Department of Planning, Monitoring and Evaluation, exploiting a vulnerability in Microsoft's SharePoint servers. The department has implemented countermeasures, including software patches from Microsoft. The attacks have affected over 400 government agencies, corporations, and other groups globally, with most victims in the US, Mauritius, Jordan, South Africa, and the Netherlands. Microsoft warned of attacks targeting on-premise SharePoint networks, which is popular in South Africa for document storage and collaboration [1].The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it. The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server [1].
The South African Department of Planning, Monitoring and Evaluation was one of the victims. The department reported that it had implemented countermeasures, including software patches from Microsoft. However, the attacks have affected over 400 government agencies, corporations, and other groups globally. Most victims are in the US, Mauritius, Jordan, South Africa, and the Netherlands [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors who target any Internet-exposed SharePoint server. The vulnerability, known as ToolShell, was discovered in May 2025 during the Pwn2Own Berlin competition. It allows attackers to remotely execute arbitrary code on vulnerable SharePoint servers. Microsoft released a patch in June, but the vulnerability was exploited before all organizations could apply it [1].
The attacks have been attributed to opportunistic threat actors
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
Comentarios
Aún no hay comentarios